[Freeipa-devel] [PATCH] 488 use the python-nss CertificateRequest object
Adam Young
ayoung at redhat.com
Wed Jul 28 20:32:48 UTC 2010
On 07/20/2010 02:12 PM, Rob Crittenden wrote:
> This drops our own PKCS#10 parser and uses the one from python-nss. I
> had to bump up the minimum required version of python-nss to pick up
> some new API for this.
>
> This introduces some new challenges for us. NSS needs to be
> initialized for you to do any sort of operations otherwise you get
> ugly segfaults. So I added in some catch-all no_db inits to try to
> prevent this. I also had to add in some code when making SSL requests
> so that the right database is opened. AFAIK NSS still lacks the
> ability to operate on multiple databases concurrently. Once that is
> available this code becomes lots better.
>
> Despite this, using the NSS parser is still safer. My PKCS#10 parser
> seemed ok but getting the extension requests out was a nightmare. It
> is much easier with python-nss.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20100728/8172b5a9/attachment.htm>
More information about the Freeipa-devel
mailing list